What is Codeword?

Codeword is an incident response tool for system administrators and computer forensic practitioners. It was built on the premise that the forensic data that matters is easy to collect, and that bulky forensic suites are unnecessary and do not serve the interests of the network defender. Codeword's main purpose is to quickly expose that critical information in a meaningful way, so that an analyst can come to a reasonable conclusion about an enterprise-wide, active infection in minutes to hours rather than days.

What can it do?

Basically, it helps you find bad stuff on your network. Its major capabilities are:

  • Detection - Codeword uses registry, file and memory "signatures" to detect known malware and misconfigurations, and heuristics to flag anomalous behavior that no signature covers
  • Evidence collection - collects any malicious files discovered
  • Reporting - results are collected, compressed/encrypted and uploaded to a secure location in the Qnet (SFTP, HTTP, SMTP, or a network share)
  • Mitigation - disable devices, uninstall apps, change system policies, etc
  • Cleanup - kill processes/threads, delete/rename files, delete/clear registry entries, restore boot sector
  • Remote Analysis - connect to an agent from the admin interface
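
The Detection bullet describes three signature classes (registry, file, memory) plus a heuristic layer. The script below is an added example, not code from Codeword or its authors, showing how such a scan can be structured over a snapshot of one host. Every signature value, label, path, process and the HostSnapshot/Finding types are constructed for illustration; they are not Codeword's signature format or data model.

```python
"""Signature-plus-heuristic host scan in the style of the Detection bullet.
Added example, not Codeword's own code: all signatures, paths and snapshot
values below are constructed for illustration."""
import hashlib
import re
from dataclasses import dataclass

# Constructed file signature: SHA-256 of file content -> detection label.
FILE_HASH_SIGNATURES = {
    hashlib.sha256(b"MZ\x90\x00fake-dropper").hexdigest(): "Example.Dropper.A",
}
# Constructed registry signature: (key, value-name regex, value-data regex, label).
# Flags any Run-key autostart whose target executable lives under a Temp folder.
REGISTRY_SIGNATURES = [
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
     r".*", r"(?i)\\temp\\[^\\]+\.exe$", "Autorun.TempExecutable"),
]
# Constructed memory signature: byte pattern searched in sampled process memory.
MEMORY_SIGNATURES = [(b"evil-beacon-marker", "Example.Beacon.Mem")]
# Heuristic (no signature): process images running from user-writable directories.
USER_WRITABLE_DIRS = ("\\appdata\\local\\temp\\", "\\users\\public\\", "\\windows\\temp\\")


@dataclass(frozen=True)
class Finding:
    category: str  # "file", "registry", "memory" or "heuristic"
    subject: str   # what matched: a path, a registry value, a process
    label: str     # signature or heuristic name


@dataclass
class HostSnapshot:
    files: dict      # path -> file content (bytes)
    registry: list   # (key, value name, value data) triples
    processes: list  # (pid, image path, sampled memory bytes) triples


def scan_files(files):
    """Hash every file and look the digest up in the file signature set."""
    findings = []
    for path, content in files.items():
        label = FILE_HASH_SIGNATURES.get(hashlib.sha256(content).hexdigest())
        if label:
            findings.append(Finding("file", path, label))
    return findings


def scan_registry(entries):
    """Match each registry value against the key/name/data signatures."""
    findings = []
    for key, name, data in entries:
        for sig_key, name_re, data_re, label in REGISTRY_SIGNATURES:
            if (key.lower() == sig_key.lower()
                    and re.fullmatch(name_re, name)
                    and re.search(data_re, data)):
                findings.append(Finding("registry", f"{key}\\{name}", label))
    return findings


def scan_processes(processes):
    """Memory signatures plus the user-writable-directory heuristic."""
    findings = []
    for pid, image, memory in processes:
        subject = f"pid {pid} {image}"
        for marker, label in MEMORY_SIGNATURES:
            if marker in memory:
                findings.append(Finding("memory", subject, label))
        if any(d in image.lower() for d in USER_WRITABLE_DIRS):
            findings.append(Finding("heuristic", subject, "Process.UserWritableImagePath"))
    return findings


def scan_host(snapshot):
    """Run all detectors over one host snapshot and return every finding."""
    return (scan_files(snapshot.files)
            + scan_registry(snapshot.registry)
            + scan_processes(snapshot.processes))


def summarize(findings):
    """Count findings per category, the shape an analyst wants for triage."""
    counts = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


def build_sample_snapshot():
    """Constructed host state: one dropper in Temp, persisted via a Run key and
    running with a beacon marker in memory, beside benign entries."""
    dropper = "C:\\Users\\bob\\AppData\\Local\\Temp\\upd.exe"
    run_key = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
    return HostSnapshot(
        files={dropper: b"MZ\x90\x00fake-dropper",
               "C:\\Windows\\System32\\notepad.exe": b"MZ\x90\x00benign"},
        registry=[(run_key, "Updater", dropper),
                  (run_key, "SecurityHealth", "C:\\Windows\\System32\\SecurityHealthSystray.exe")],
        processes=[(4120, dropper, b"...evil-beacon-marker..."),
                   (812, "C:\\Windows\\explorer.exe", b"ordinary heap contents")],
    )


if __name__ == "__main__":
    results = scan_host(build_sample_snapshot())
    for finding in results:
        print(finding)
    print(summarize(results))
```

On the constructed snapshot the dropper is caught four ways (hash, Run-key persistence, in-memory marker, image path), while notepad, the SecurityHealth autorun and explorer produce nothing. On a live host the snapshot would be built from the file system, the registry API and process memory reads rather than inline data. Two caveats a practitioner should keep in mind: exact-hash file signatures miss any recompiled or repacked sample, so they belong alongside the registry and memory checks rather than in place of them, and the user-writable-path heuristic will flag legitimate per-user installers, so its output is a lead to confirm, not a verdict.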